Mozilla Vulnerability

2 August 2004 8:35

Following on from the Shell security issue recently here’s another vulnerability in Mozilla.

A flaw in the Mozilla/FireFox web browsers (which I typically recommend,
and (probably) still do recommend), has come to light.
The problem was raised in 1999, and has been opened under a “5-year rule”
(similar concept to UK Gov’s “30-Year rule” for Official Secrets).

BACKGROUND:

Mozilla allows the user interface (menus, toolbars, etc) to be customised
by “plugins” – extra bits of software which add nifty features like
blocking adverts, etc.

EFFECT:

This means that a malicious website could change the “Location:” bar to
say something trustworthy.

IMPACT:

www.badsite.com can present a copy of your bank’s login screen, and you
can’t use the “The Location: bar must say ‘www.goodsite.com’” test to
ensure that you are really visiting that site.
So you can see a webpage that looks like the site you expected to see, and
the Location: bar says www.goodsite.com, but you would actually be sending
your password to www.badsite.com

CAVEATS:

- Internet Explorer has a more deeply-rooted bug, for which a patch is
expected in the next few weeks (this is a *POOR* excuse)
- You would have to be hoaxed into visiting the bad site
- We have no way of knowing what flaws exist in other web browsers (this
is a *VERY POOR* excuse, at best).
- tru5tn01

SUMMARY:

The “Caveats” are insignificant. This is a significant problem, which has
existed for 5 years, and has only just come to light.
The fact that Internet Explorer is crap, is no excuse at all.

WORKAROUND:

- In Mozilla/FireFox, type “about:config” in the Location:bar
- Change the settings below to “TRUE”:
- Restart Mozilla/FireFox

SETTINGS TO CHANGE:

dom.disable_window_move_resize = true
dom.disable_window_open_feature.close = true
dom.disable_window_open_feature.directories = true
dom.disable_window_open_feature.location = true
dom.disable_window_open_feature.menubar = true
dom.disable_window_open_feature.minimizable = true
dom.disable_window_open_feature.personalbar = true
dom.disable_window_open_feature.resizable = true
dom.disable_window_open_feature.scrollbars = true
dom.disable_window_open_feature.status = true
dom.disable_window_open_feature.titlebar = true
dom.disable_window_open_feature.toolbar = true
dom.disable_window_status_change = true

It could be argued that these should be set to “True” by default, which
would avoid the problem in the first place.

REFERENCES:

Thanks to the person that sent me a mail on this.

Filed: Technology

You can follow any responses to this entry through the RSS 2.0 feed.

You can leave a comment or leave a trackback from your own site.

Leave a Reply

 
What's ianteresting?   •   Twitter   •   About   •   Contact
©2012 Ian Winter. All Rights Reserved.   •   Powered by WordPress   •   Hosted at Memset